From f190e0e9823bd173f45c9812f3407fbc87616b04 Mon Sep 17 00:00:00 2001
From: zhouwenpei
Date: Mon, 17 Apr 2023 09:15:41 +0000
Subject: [PATCH] fix CVE-2023-2004
---
 backport-CVE-2023-2004.patch | 37 ++++++++++++++++++++++++++++++++++++
 freetype.spec | 9 +++++++--
 2 files changed, 44 insertions(+), 2 deletions(-)
 create mode 100644 backport-CVE-2023-2004.patch
diff --git a/backport-CVE-2023-2004.patch b/backport-CVE-2023-2004.patch
new file mode 100644
index 0000000..73f1ed9
--- /dev/null
+++ b/backport-CVE-2023-2004.patch
@@ -0,0 +1,37 @@
+From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Mon, 14 Nov 2022 19:18:19 +0100
+Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
+ overflow.
+
+Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
+---
+ src/truetype/ttgxvar.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
+index 110f24a..62dd1df 100644
+--- a/src/truetype/ttgxvar.c
++++ b/src/truetype/ttgxvar.c
+@@ -42,6 +42,7 @@
+ #include
+ #include FT_INTERNAL_DEBUG_H
+ #include FT_CONFIG_CONFIG_H
++#include
+ #include FT_INTERNAL_STREAM_H
+ #include FT_INTERNAL_SFNT_H
+ #include FT_TRUETYPE_TAGS_H
+@@ -1065,7 +1066,7 @@
+ delta == 1 ? "" : "s",
+ vertical ? "VVAR" : "HVAR" ));
+
+- *avalue += delta;
++ *avalue = ADD_INT( *avalue, delta );
+
+ Exit:
+ return error;
+--
+2.33.0
+
diff --git a/freetype.spec b/freetype.spec
index 7c80197..8bb6dd1 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -4,7 +4,7 @@
 Name: freetype
 Version: 2.10.2
-Release: 4
+Release: 5
 Summary: FreeType is a freely available software library to render fonts
 License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
 URL: http://www.freetype.org
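Review bot: The overflow in tt_hvadvance_adjust becomes defined but not bounded. In the second ttgxvar.c hunk of backport-CVE-2023-2004.patch, `*avalue = ADD_INT( *avalue, delta );` presumably relies on FreeType's usual wrap-through-unsigned macro, so an extreme HVAR/VVAR delta from a font would still produce a silently wrapped advance instead of an error. I would record that on the line with a comment such as `/* ADD_INT wraps instead of overflowing; the adjusted advance is still font-controlled and may be out of range */`, so later callers do not read the fix as range validation. The operand of the added `+#include` line is not visible on this page, so it is worth confirming that the header it names exists in 2.10.2 and defines ADD_INT, and that the package builds with the patch applied. The function body starts and ends outside the hunk, so I cannot tell from here whether `delta` is range-checked earlier.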
@@ -25,6 +25,7 @@ Patch6006: backport-CVE-2022-27404.patch
 Patch6007: backport-0001-CVE-2022-27405.patch
 Patch6008: backport-0002-CVE-2022-27405.patch
 Patch6009: backport-CVE-2022-27406.patch
+Patch6010: backport-CVE-2023-2004.patch
 BuildRequires: gcc libX11-devel libpng-devel zlib-devel bzip2-devel
@@ -72,6 +73,7 @@ popd
 %patch6007 -p1
 %patch6008 -p1
 %patch6009 -p1
+%patch6010 -p1
 %build
 %configure --disable-static --with-zlib=yes --with-bzip2=yes --with-png=yes --enable-freetype-config --with-harfbuzz=no
@@ -146,6 +148,9 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_includedir}/freetype2/freetype/co
 %{_mandir}/man1/*
 %changelog
+* Mon Apr 17 2023 zhouwenpei - 2.10.2-5
+- fix CVE-2023-2004
+
 * Sat May 14 2022 wangkerong - 2.10.2-4
 - fix CVE-2022-27404,CVE-2022-27405,CVE-2022-27406
@@ -159,7 +164,7 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_includedir}/freetype2/freetype/co
 - Type:CVE
 - CVE:CVE-2020-15999
 - SUG:NA
-- DESC:fixCVE-2020-15999
+- DESC:fix CVE-2020-15999
 * Thu Aug 20 2020 jinzhimin - 2.10.2-1
 - Type:enhancement
--
Gitee